IMSI-Catch Me If You Can: IMSI-Catcher-Catchers

A. Dabrowski, N. Pianta, T. Klepp, M. Mulazzani, E. Weippl:
"IMSI-Catch Me If You Can: IMSI-Catcher-Catchers";
Vortrag: Annual Computer Security Applications Conference (ACSAC), New Orleans, Louisiana, USA; 08.12.2014 - 12.12.2014; in:"Annual Computer Security Applications Conference (ACSAC)", (2014).

[ Publication Database ]


IMSI Catchers are used in mobile networks to identify and
eavesdrop on phones. When, the number of vendors increased
and prices dropped, the device became available to
much larger audiences. Self-made devices based on open
source software are available for about US$ 1,500.
In this paper, we identify and describe multiple methods of
detecting artifacts in the mobile network produced by such
devices. We present two independent novel implementations
of an IMSI Catcher Catcher (ICC) to detect this threat
against everyone's privacy. The rst one employs a network
of stationary (sICC) measurement units installed in a geographical
area and constantly scanning all frequency bands
for cell announcements and ngerprinting the cell network
parameters. These rooftop-mounted devices can cover large
areas. The second implementation is an app for standard
consumer grade mobile phones (mICC), without the need
to root or jailbreak them. Its core principle is based upon
geographical network topology correlation, facilitating the
ubiquitous built-in GPS receiver in today's phones and a
network cell capabilities ngerprinting technique. The latter
works for the vicinity of the phone by frst learning the cell
landscape and than matching it against the learned data.
We implemented and evaluated both solutions for digital
self-defense and deployed several of the stationary units for
a long term eld-test. Finally, we describe how to detect
recently published denial of service attacks.